[patch] libc Berkeley DB information leak

[Jaakko Heinonen]

Hi,

FreeBSD libc Berkeley DB can leak sensitive information to database
files. The problem is that it writes uninitialized memory obtained from
malloc(3) to database files.

You can use this simple test program to reproduce the behavior:

http://www.saunalahti.fi/~jh3/dbtest.c

Run the program and see the resulting test.db file which will contain a
sequence of 0xa5 bytes directly from malloc(3). (See malloc(3) manual
page for the explanation for the "J" flag if you need more information.)

This has been reported as PR 123529
(http://www.freebsd.org/cgi/query-pr.cgi?pr=123529) which contains a
real information leak case. The PR is assigned to secteam and I have
also personally reported it to secteam but I haven't heard a word from
secteam members.

A code to initialize malloc'd memory exists but the feature must be
enabled with PURIFY macro. With following patch applied
the test program doesn't output 0xa5 bytes to the database file:

%%%
Index: lib/libc/db/hash/hash_buf.c
===================================================================
--- lib/libc/db/hash/hash_buf.c	(revision 187214)
+++ lib/libc/db/hash/hash_buf.c	(working copy)
@@ -57,6 +57,7 @@ __FBSDID("$FreeBSD$");
 #include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 
 #ifdef DEBUG
 #include <assert.h>
Index: lib/libc/db/Makefile.inc
===================================================================
--- lib/libc/db/Makefile.inc	(revision 187214)
+++ lib/libc/db/Makefile.inc	(working copy)
@@ -3,6 +3,8 @@
 #
 CFLAGS+=-D__DBINTERFACE_PRIVATE
 
+CFLAGS+=-DPURIFY
+
 .include "${.CURDIR}/db/btree/Makefile.inc"
 .include "${.CURDIR}/db/db/Makefile.inc"
 .include "${.CURDIR}/db/hash/Makefile.inc"
%%%

Could someone consider committing this or some other fix for the
problem?

-- 
Jaakko